public inbox for libc-hacker@sourceware.org
 help / color / mirror / Atom feed
From: Andreas Schwab <schwab@redhat.com>
To: libc-hacker@sourceware.org
Subject: [PATCH] Fix memory leak in dlopen with RTLD_NOLOAD
Date: Wed, 23 Feb 2011 15:05:00 -0000	[thread overview]
Message-ID: <m3r5ayeqqj.fsf@redhat.com> (raw)

2011-02-23  Andreas Schwab  <schwab@redhat.com>

	[BZ #12509]
	* elf/dl-load.c (_dl_map_object_from_fd): Free realname before
	returning unsuccessfully.

	* elf/Makefile ($(objpfx)noload-mem): New rule.
	(noload-ENV): Define.
	(tests): Add $(objpfx)noload-mem.
	* elf/noload.c: Include <memcheck.h>.
	(main): Call mtrace.  Close all opened handles.
---
 elf/Makefile  |    6 +++++-
 elf/dl-load.c |    2 ++
 elf/noload.c  |   22 ++++++++++++++++------
 3 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/elf/Makefile b/elf/Makefile
index b8a218d..051d4fb 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -216,7 +216,7 @@ ifeq (no,$(cross-compiling))
 ifeq (yesyes,$(have-fpie)$(build-shared))
 tests: $(objpfx)tst-pie1.out
 endif
-tests: $(objpfx)tst-leaks1-mem
+tests: $(objpfx)tst-leaks1-mem $(objpfx)noload-mem
 endif
 tlsmod17a-suffixes = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
 tlsmod18a-suffixes = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
@@ -688,6 +688,10 @@ $(objpfx)noload: $(objpfx)testobj1.so $(common-objpfx)dlfcn/libdl.so
 LDFLAGS-noload = -rdynamic
 $(objpfx)noload.out: $(objpfx)testobj5.so
 
+$(objpfx)noload-mem: $(objpfx)noload.out
+	$(common-objpfx)malloc/mtrace $(objpfx)noload.mtrace > $@
+noload-ENV = MALLOC_TRACE=$(objpfx)noload.mtrace
+
 LDFLAGS-nodelete = -rdynamic
 LDFLAGS-nodelmod1.so = -Wl,--enable-new-dtags,-z,nodelete
 LDFLAGS-nodelmod4.so = -Wl,--enable-new-dtags,-z,nodelete
diff --git a/elf/dl-load.c b/elf/dl-load.c
index e9e3876..8ac0a7c 100644
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -894,6 +894,7 @@ _dl_map_object_from_fd (const char *name, int fd, struct filebuf *fbp,
     {
       /* We are not supposed to load the object unless it is already
 	 loaded.  So return now.  */
+      free (realname);
       __close (fd);
       return NULL;
     }
@@ -912,6 +913,7 @@ _dl_map_object_from_fd (const char *name, int fd, struct filebuf *fbp,
       _dl_zerofd = _dl_sysdep_open_zero_fill ();
       if (_dl_zerofd == -1)
 	{
+	  free (realname);
 	  __close (fd);
 	  _dl_signal_error (errno, NULL, NULL,
 			    N_("cannot open zero fill device"));
diff --git a/elf/noload.c b/elf/noload.c
index 9281ec7..807e1c4 100644
--- a/elf/noload.c
+++ b/elf/noload.c
@@ -1,20 +1,28 @@
 #include <dlfcn.h>
 #include <stdio.h>
+#include <mcheck.h>
 
 int
 main (void)
 {
   int result = 0;
+  void *p, *q;
+
+  mtrace ();
 
   /* First try to load an object which is a dependency.  This should
      succeed.  */
-  if (dlopen ("testobj1.so", RTLD_LAZY | RTLD_NOLOAD) == NULL)
+  p = dlopen ("testobj1.so", RTLD_LAZY | RTLD_NOLOAD);
+  if (p == NULL)
     {
       printf ("cannot open \"testobj1.so\": %s\n", dlerror ());
       result = 1;
     }
   else
-    puts ("loading \"testobj1.so\" succeeded, OK");
+    {
+      puts ("loading \"testobj1.so\" succeeded, OK");
+      dlclose (p);
+    }
 
   /* Now try loading an object which is not already loaded.  */
   if (dlopen ("testobj5.so", RTLD_LAZY | RTLD_NOLOAD) != NULL)
@@ -25,8 +33,6 @@ main (void)
   else
     {
       /* Load the object and run the same test again.  */
-      void *p;
-
       puts ("\"testobj5.so\" wasn't loaded and RTLD_NOLOAD prevented it, OK");
 
       p = dlopen ("testobj5.so", RTLD_LAZY);
@@ -41,13 +47,17 @@ main (void)
 	{
 	  puts ("loading \"testobj5.so\" succeeded, OK");
 
-	  if (dlopen ("testobj5.so", RTLD_LAZY | RTLD_NOLOAD) == NULL)
+	  q = dlopen ("testobj5.so", RTLD_LAZY | RTLD_NOLOAD);
+	  if (q == NULL)
 	    {
 	      printf ("cannot open \"testobj5.so\": %s\n", dlerror ());
 	      result = 1;
 	    }
 	  else
-	    puts ("loading \"testobj5.so\" with RTLD_NOLOAD succeeded, OK");
+	    {
+	      puts ("loading \"testobj5.so\" with RTLD_NOLOAD succeeded, OK");
+	      dlclose (q);
+	    }
 
 	  if (dlclose (p) != 0)
 	    {
-- 
1.7.4


-- 
Andreas Schwab, schwab@redhat.com
GPG Key fingerprint = D4E8 DBE3 3813 BB5D FA84  5EC7 45C6 250E 6F00 984E
"And now for something completely different."

                 reply	other threads:[~2011-02-23 15:05 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=m3r5ayeqqj.fsf@redhat.com \
    --to=schwab@redhat.com \
    --cc=libc-hacker@sourceware.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).